Hi Pushpa, As you have discovered, there are two AES192 standards. When you select AES192 (with no C) this is the IETF draft Blumenthal standard.
When you select AES192C this is the Cisco "standard". What is the actual difference? As far as I can tell, it comes down to the OID used for some of the parameters like the IV. The Cisco standard uses something under enterprises.Cisco, as you would expect, while the draft IETF standard uses something under enterprises.ESO ESO is Extended Security Options consortium, you can see their MIB at http://www.snmp.com/eso/esoConsortiumMIB.txt To me, it looks like the same protocol, just how it identifies itself and where it stores things changes. So it's not like one is doing CFB and the other thought for some reason ECB was the way to go. If you look online for SNMP and AES 192 or 256, you can see this confuses a bunch of people (e.g. AES192 works for device X, but not device Y, why?) - Craig ObXKCD https://xkcd.com/927/ On Wed, 15 Sept 2021 at 01:51, Pushpa Thimmaiah <pushpa.thimma...@gmail.com> wrote: > Hi Folks, > > I am using SilverCreek as mib browser(windows10) and net-snmp-.5.9 on > snmp-agent(linux). > > *snmp-agent* > creatUser testmd5aes192 MD5 testingauth AES192 testingpriv > > *SilverCreek* > It provides CFB-AES192 option for privprotocol . So I selected > authprotocol as 'MD5' and priv protocol 'CFB-AES192' > snmpquery on fails for this > > So, I changed AES192 to AES192C at snmp-agent side as mentioned below and > it works > creatUser testmd5aes192 MD5 testingauth AES192C testingpriv > > Kindly let me know when to use AES192 and AES192C. Is it based on cipher > methods of AES? > > Thanks, > Pushpa.T > > > _______________________________________________ > Net-snmp-coders mailing list > Net-snmp-coders@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/net-snmp-coders >
_______________________________________________ Net-snmp-coders mailing list Net-snmp-coders@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
